Cyber Security Introduction

"Cybersecurity is primarily about people, processes, and technologies working together to

encompass the full range of threat reduction, vulnerability reduction, deterrence,
international engagement, incident response, resiliency, and recovery policies and activities,
including computer network operations, information assurance, law enforcement, etc."

Cybersecurity is the protection of Internet-connected systems, including hardware,

software, and data from cyber attacks. It is made up of two words one is cyber and other is
security. Cyber is related to the technology which contains systems, network and programs
or data. Whereas security related to the protection which includes systems security,
network security and application and information security.

It is the body of technologies, processes, and practices designed to protect networks,

devices, programs, and data from attack, theft, damage, modification or unauthorized
access. It may also be referred to as information technology security.

We can also define cybersecurity as the set of principles and practices designed to protect
our computing resources and online information against threats. Due to the heavy
dependency on computers in a modern industry that store and transmit an abundance of
confidential and essential information about the people, cybersecurity is a critical function
and needed insurance of many businesses.

Why is cybersecurity important?

We live in a digital era which understands that our private information is more vulnerable
than ever before. We all live in a world which is networked together, from internet banking
to government infrastructure, where data is stored on computers and other devices. A
portion of that data can be sensitive information, whether that be intellectual property,
financial data, personal information, or other types of data for which unauthorized access or
exposure could have negative consequences.
Cyber-attack is now an international concern and has given many concerns that hacks and
other security attacks could endanger the global economy. Organizations transmit sensitive
data across networks and to other devices in the course of doing businesses, and
cybersecurity describes to protect that information and the systems used to process or store
it.

As the volume of cyber-attacks grows, companies and organizations, especially those that
deal information related to national security, health, or financial records, need to take steps
to protect their sensitive business and personal information.

Cyber Security Goals

The objective of Cybersecurity is to protect information from being stolen, compromised or
attacked. Cybersecurity can be measured by at least one of three goals-

1. Protect the confidentiality of data.

2. Preserve the integrity of data.

3. Promote the availability of data for authorized users.

These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all
security programs. The CIA triad is a security model that is designed to guide policies for
information security within the premises of an organization or company. This model is also
referred to as the AIC (Availability, Integrity, and Confidentiality) triad to avoid the
confusion with the Central Intelligence Agency. The elements of the triad are considered the
three most crucial components of security.
The CIA criteria are one that most of the organizations and companies use when they have
installed a new application, creates a database or when guaranteeing access to some data.
For data to be completely secure, all of these security goals must come into effect. These
are security policies that all work together, and therefore it can be wrong to overlook one
policy.

1. Confidentiality

Confidentiality is roughly equivalent to privacy and avoids the unauthorized

disclosure of information. It involves the protection of data, providing access for
those who are allowed to see it while disallowing others from learning anything about
its content. It prevents essential information from reaching the wrong people while
making sure that the right people can get it. Data encryption is a good example to
ensure confidentiality.

 Tools for Confidentiality

Encryption

Encryption is a method of transforming information to make it unreadable for

unauthorized users by using an algorithm. The transformation of data uses a secret
key (an encryption key) so that the transformed data can only be read by using
another secret key (decryption key). It protects sensitive data such as credit card
numbers by encoding and transforming data into unreadable cipher text. This
encrypted data can only be read by decrypting it. Asymmetric-key and symmetric-
key are the two primary types of encryption.

Access control

Access control defines rules and policies for limiting access to a system or to physical
or virtual resources. It is a process by which users are granted access and certain
privileges to systems, resources or information. In access control systems, users
need to present credentials before they can be granted access such as a person's
name or a computer's serial number. In physical systems, these credentials may
come in many forms, but credentials that can't be transferred provide the most
security.

Authentication

An authentication is a process that ensures and confirms a user's identity or role that
someone has. It can be done in a number of different ways, but it is usually based
on a combination of-

o something the person has (like a smart card or a radio key for storing secret
keys),

o something the person knows (like a password),

o something the person is (like a human with a fingerprint).

Authentication is the necessity of every organizations because it enables

organizations to keep their networks secure by permitting only authenticated users
to access its protected resources. These resources may include computer systems,
networks, databases, websites and other network-based applications or services.

Authorization

Authorization is a security mechanism which gives permission to do or have

something. It is used to determine a person or system is allowed access to
 resources, based on an access control policy, including computer programs, files,
services, data and application features. It is normally preceded by authentication for
user identity verification. System administrators are typically assigned permission
levels covering all system and user resources. During authorization, a system verifies
an authenticated user's access rules and either grants or refuses resource access.

Physical Security

Physical security describes measures designed to deny the unauthorized access of IT

assets like facilities, equipment, personnel, resources and other properties from
damage. It protects these assets from physical threats including theft, vandalism,
fire and natural disasters.

2. Integrity

Integrity refers to the methods for ensuring that data is real, accurate and
safeguarded from unauthorized user modification. It is the property that information
has not be altered in an unauthorized way, and that source of the information is
genuine.

 Tools for Integrity

 Backups

Backup is the periodic archiving of data. It is a process of making copies of data or

data files to use in the event when the original data or data files are lost or
destroyed. It is also used to make copies for historical purposes, such as for
longitudinal studies, statistics or for historical records or to meet the requirements of
a data retention policy. Many applications especially in a Windows environment,
produce backup files using the .BAK file extension.

Checksums

A checksum is a numerical value used to verify the integrity of a file or a data

transfer. In other words, it is the computation of a function that maps the contents
of a file to a numerical value. They are typically used to compare two sets of data to
make sure that they are the same. A checksum function depends on the entire
contents of a file. It is designed in a way that even a small change to the input file
(such as flipping a single bit) likely to results in different output value.

Data Correcting Codes

It is a method for storing data in such a way that small changes can be easily
detected and automatically corrected.

3. Availability

Availability is the property in which information is accessible and modifiable in a

timely fashion by those authorized to do so. It is the guarantee of reliable and
constant access to our sensitive data by authorized people.

 Tools for Availability

o Physical Protections

o Computational Redundancies
 Physical Protections

Physical safeguard means to keep information available even in the event of physical
challenges. It ensure sensitive information and critical information technology are
housed in secure areas.

Computational redundancies

It is applied as fault tolerant against accidental faults. It protects computers and

storage devices that serve as fallbacks in the case of failures.

Types of Cyber Attacks

A cyber-attack is an exploitation of computer systems and networks. It uses malicious
code to alter computer code, logic or data and lead to cybercrimes, such as information
and identity theft.

Cyber-attacks can be classified into the following categories:

Web-based attacks

These are the attacks which occur on a website or web applications. Some of the important
web-based attacks are as follows-

1. Injection attacks

It is the attack in which some data will be injected into a web application to manipulate the
application and fetch the required information.

Example- SQL Injection, code Injection, log Injection, XML Injection etc.

2. DNS Spoofing

DNS Spoofing is a type of computer security hacking. Whereby a data is introduced into a
DNS resolver's cache causing the name server to return an incorrect IP address, diverting
traffic to the attacker?s computer or any other computer. The DNS spoofing attacks can go
on for a long period of time without being detected and can cause serious security issues.

3. Session Hijacking

It is a security attack on a user session over a protected network. Web applications create
cookies to store the state and user sessions. By stealing the cookies, an attacker can have
access to all of the user data.

4. Phishing

Phishing is a type of attack which attempts to steal sensitive information like user login
credentials and credit card number. It occurs when an attacker is masquerading as a
trustworthy entity in electronic communication.

5. Brute force

It is a type of attack which uses a trial and error method. This attack generates a large
number of guesses and validates them to obtain actual data like user password and
personal identification number. This attack may be used by criminals to crack encrypted
data, or by security, analysts to test an organization's network security.
6. Denial of Service

It is an attack which meant to make a server or network resource unavailable to the users.
It accomplishes this by flooding the target with traffic or sending it information that triggers
a crash. It uses the single system and single internet connection to attack a server. It can
be classified into the following-

Volume-based attacks- Its goal is to saturate the bandwidth of the attacked site, and is
measured in bit per second.

Protocol attacks- It consumes actual server resources, and is measured in a packet.

Application layer attacks- Its goal is to crash the web server and is measured in request
per second.

7. Dictionary attacks

This type of attack stored the list of a commonly used password and validated them to get
original password.

8. URL Interpretation

It is a type of attack where we can change the certain parts of a URL, and one can make a
web server to deliver web pages for which he is not authorized to browse.

9. File Inclusion attacks

It is a type of attack that allows an attacker to access unauthorized or essential files which
is available on the web server or to execute malicious files on the web server by making use
of the include functionality.

10. Man in the middle attacks

It is a type of attack that allows an attacker to intercepts the connection between client and
server and acts as a bridge between them. Due to this, an attacker will be able to read,
insert and modify the data in the intercepted connection.
System-based attacks

These are the attacks which are intended to compromise a computer or a computer
network. Some of the important system-based attacks are as follows-

1. Virus

It is a type of malicious software program that spread throughout the computer files without
the knowledge of a user. It is a self-replicating malicious computer program that replicates
by inserting copies of itself into other computer programs when executed. It can also
execute instructions that cause harm to the system.

2. Worm

It is a type of malware whose primary function is to replicate itself to spread to uninfected

computers. It works same as the computer virus. Worms often originate from email
attachments that appear to be from trusted senders.

3. Trojan horse

It is a malicious program that occurs unexpected changes to computer setting and unusual
activity, even when the computer should be idle. It misleads the user of its true intent. It
appears to be a normal application but when opened/executed some malicious code will run
in the background.

4. Backdoors

It is a method that bypasses the normal authentication process. A developer may create a
backdoor so that an application or operating system can be accessed for troubleshooting or
other purposes.

5. Bots

A bot (short for "robot") is an automated process that interacts with other network services.
Some bots program run automatically, while others only execute commands when they
receive specific input. Common examples of bots program are the crawler, chatroom bots,
and malicious bots.
Types of Cyber Attackers
In computer and computer networks, an attacker is the individual or organization who
performs the malicious activities to destroy, expose, alter, disable, steal or gain
unauthorized access to or make unauthorized use of an asset.

As the Internet access becomes more pervasive across the world, and each of us spends
more time on the web, there is also an attacker grows as well. Attackers use every tools
and techniques they would try and attack us to get unauthorized access.

There are four types of attackers which are described below-

n ext →← prev

Cyber Criminals

Cyber criminals are individual or group of people who use technology to commit cybercrime
with the intention of stealing sensitive company information or personal data and generating
profits. In today's, they are the most prominent and most active type of attacker.
Cybercriminals use computers in three broad ways to do cybercrimes-

o Select computer as their target- In this, they attack other people's computers to
do cybercrime, such as spreading viruses, data theft, identity theft, etc.

o Uses the computer as their weapon- In this, they use the computer to do
conventional crime such as spam, fraud, illegal gambling, etc.

o Uses the computer as their accessory- In this, they use the computer to steal
data illegally.

Hacktivists

Hacktivists are individuals or groups of hackers who carry out malicious activity to promote
a political agenda, religious belief, or social ideology. According to Dan Lohrmann, chief
security officer for Security Mentor, a national security training firm that works with states
said "Hacktivism is a digital disobedience. It's hacking for a cause." Hacktivists are not like
cybercriminals who hack computer networks to steal data for the cash. They are individuals
or groups of hackers who work together and see themselves as fighting injustice.

State-sponsored Attacker

State-sponsored attackers have particular objectives aligned with either the political,
commercial or military interests of their country of origin. These type of attackers are not in
a hurry. The government organizations have highly skilled hackers and specialize in
detecting vulnerabilities and exploiting these before the holes are patched. It is very
challenging to defeat these attackers due to the vast resources at their disposal.

Insider Threats

The insider threat is a threat to an organization's security or data that comes from within.
These type of threats are usually occurred from employees or former employees, but may
also arise from third parties, including contractors, temporary workers, employees or
customers.
Insider threats can be categorized below-

Malicious-

Malicious threats are attempts by an insider to access and potentially harm an

organization's data, systems or IT infrastructure. These insider threats are often attributed
to dissatisfied employees or ex-employees who believe that the organization was doing
something wrong with them in some way, and they feel justified in seeking revenge.

Insiders may also become threats when they are disguised by malicious outsiders, either
through financial incentives or extortion.

Accidental-

Accidental threats are threats which are accidently done by insider employees. In this type
of threats, an employee might accidentally delete an important file or inadvertently share
confidential data with a business partner going beyond company?s policy or legal
requirements.

Negligent-

These are the threats in which employees try to avoid the policies of an organization put in
place to protect endpoints and valuable data. For example, if the organization have strict
policies for external file sharing, employees might try to share work on public cloud
applications so that they can work at home. There is nothing wrong with these acts, but
they can open up to dangerous threats nonetheless.

Cyber Security Tools

Protecting our IT environment is very critical. Every organization needs to take
cybersecurity very seriously. There are numbers of hacking attacks which affecting
businesses of all sizes. Hackers, malware, viruses are some of the real security threats in
the virtual world. It is essential that every company is aware of the dangerous security
attacks and it is necessary to keep themselves secure. There are many different aspects of
the cyber defence may need to be considered. Here are six essential tools and services that
every organization needs to consider to ensure their cybersecurity is as strong as possible.
They are described below:

1. Firewalls

As we know, the firewall is the core of security tools, and it becomes one of the most
important security tools. Its job is to prevent unauthorized access to or from a private
network. It can be implemented as hardware, software, or a combination of both. The
firewalls are used to prevent unauthorized internet users from accessing private networks
connected to the Internet. All messages are entering or leaving the intranet pass through
the firewall. The firewall examines each message and blocks those messages that do not
meet the specified security criteria.

The Firewall is very useful, but it has limitations also. A skilled hacker knew how to create
data and programs that are believing like trusted firewalls. It means that we can pass the
program through the firewall without any problems. Despite these limitations, firewalls are
still very useful in the protection of less sophisticated malicious attacks on our system.

2. Antivirus Software

Antivirus software is a program which is designed to prevent, detect, and remove viruses
and other malware attacks on the individual computer, networks, and IT systems. It also
protects our computers and networks from the variety of threats and viruses such as Trojan
horses, worms, keyloggers, browser hijackers, rootkits, spyware, botnets, adware, and
ransomware. Most antivirus program comes with an auto-update feature and enabling the
system to check for new viruses and threats regularly. It provides some additional services
such as scanning emails to ensure that they are free from malicious attachments and web
links.

3. PKI Services

PKI stands for Public Key Infrastructure. This tool supports the distribution and identification
of public encryption keys. It enables users and computer systems to securely exchange data
over the internet and verify the identity of the other party. We can also exchange sensitive
information without PKI, but in that case, there would be no assurance of the authentication
of the other party.

People associate PKI with SSL or TLS. It is the technology which encrypts the server
communication and is responsible for HTTPS and padlock that we can see in our browser
address bar. PKI solve many numbers of cybersecurity problems and deserves a place in the
organization security suite.
PKI can also be used to:

o Enable Multi-Factor Authentication and access control

o Create compliant, Trusted Digital Signatures.

o Encrypt email communications and authenticate the sender's identity.

o Digitally sign and protect the code.

o Build identity and trust into IoT ecosystems.

4. Managed Detection and Response Service (MDR)

Today's cybercriminals and hackers used more advanced techniques and software to breach
organization security So, there is a necessity for every businesses to be used more powerful
forms of defences of cybersecurity. MDR is an advanced security service that provides
threat hunting, threat intelligence, security monitoring, incident analysis, and incident
response. It is a service that arises from the need for organizations (who has a lack of
resources) to be more aware of risks and improve their ability to detect and respond to
threats. MDR also uses Artificial Intelligence and machine learning to investigate, auto
detect threats, and orchestrate response for faster result.

The managed detection and response has the following characteristics:

o Managed detection and response is focused on threat detection, rather than

compliance.

o MDR relies heavily on security event management and advanced analytics.

o While some automation is used, MDR also involves humans to monitor our network.

o MDR service providers also perform incident validation and remote response.

5. Penetration Testing

Penetration testing, or pen-test, is an important way to evaluate our business's security

systems and security of an IT infrastructure by safely trying to exploit vulnerabilities. These
vulnerabilities exist in operating systems, services and application, improper configurations
or risky end-user behavior. In Penetration testing, cybersecurity professionals will use the
same techniques and processes utilized by criminal hackers to check for potential threats
and areas of weakness.
A pen test attempts the kind of attack a business might face from criminal hackers such as
password cracking, code injection, and phishing. It involves a simulated real-world attack on
a network or application. This tests can be performed by using manual or automated
technologies to systematically evaluate servers, web applications, network devices,
endpoints, wireless networks, mobile devices and other potential points of vulnerabilities.
Once the pen test has successfully taken place, the testers will present us with their findings
threats and can help by recommending potential changes to our system.

6. Staff Training

Staff training is not a 'cybersecurity tool' but ultimately, having knowledgeable employees
who understand the cybersecurity which is one of the strongest forms of defence against
cyber-attacks. Today's many training tools available that can educate company's staff about
the best cybersecurity practices. Every business can organize these training tools to educate
their employee who can understand their role in cybersecurity.

We know that cyber-criminals continue to expand their techniques and level of

sophistication to breach businesses security, it has made it essential for organizations to
invest in these training tools and services. Failing to do this, they can leave the organization
in a position where hackers would be easily targeted their security system. So, the expense
of the investment on these training tools might put a reward for the business organization
with long-term security and protection.

Cyber Security Challenges

Today cybersecurity is the main component of the country's overall national security and
economic security strategies. In India, there are so many challenges related to
cybersecurity. With the increase of the cyber-attacks, every organization needs a security
analyst who makes sure that their system is secured. These security analysts face many
challenges related to cybersecurity such as securing confidential data of government
organizations, securing the private organization servers, etc.
The recent important cybersecurity challenges are described below:

1. Ransomware Evolution

Ransomware is a type of malware in which the data on a victim's computer is locked, and
payment is demanded before the ransomed data is unlocked. After successful payment,
access rights returned to the victim. Ransomware is the bane of cybersecurity, data
professionals, IT, and executives.

Ransomware attacks are growing day by day in the areas of cybercrime. IT professionals
and business leaders need to have a powerful recovery strategy against the malware
attacks to protect their organization. It involves proper planning to recover corporate and
customers' data and application as well as reporting any breaches against the Notifiable
Data Breaches scheme. Today's DRaaS solutions are the best defence against the
ransomware attacks. With DRaaS solutions method, we can automatically back up our files,
easily identify which backup is clean, and launch a fail-over with the press of a button when
malicious attacks corrupt our data.
2. Blockchain Revolution

Blockchain technology is the most important invention in computing era. It is the first time
in human history that we have a genuinely native digital medium for peer-to-peer value
exchange. The blockchain is a technology that enables cryptocurrencies like Bitcoin. The
blockchain is a vast global platform that allows two or more parties to do a transaction or do
business without needing a third party for establishing trust.

It is difficult to predict what blockchain systems will offer in regards to cybersecurity. The
professionals in cybersecurity can make some educated guesses regarding blockchain. As
the application and utility of blockchain in a cybersecurity context emerges, there will be a
healthy tension but also complementary integrations with traditional, proven, cybersecurity
approaches.

3. IoT Threats

IoT stands for Internet of Things. It is a system of interrelated physical devices which can
be accessible through the internet. The connected physical devices have a unique identifier
(UID) and have the ability to transfer data over a network without any requirements of the
human-to-human or human-to-computer interaction. The firmware and software which is
running on IoT devices make consumer and businesses highly susceptible to cyber-attacks.

When IoT things were designed, it is not considered in mind about the used in cybersecurity
and for commercial purposes. So every organization needs to work with cybersecurity
professionals to ensure the security of their password policies, session handling, user
verification, multifactor authentication, and security protocols to help in managing the risk.

4. AI Expansion

AI short form is Artificial intelligence. According to John McCarthy, father of Artificial

Intelligence defined AI: "The science and engineering of making intelligent machines,
especially intelligent computer programs."

It is an area of computer science which is the creation of intelligent machines that do work
and react like humans. Some of the activities related to artificial intelligence include speech
recognition, Learning, Planning, Problem-solving, etc. The key benefits with AI into our
cybersecurity strategy has the ability to protect and defend an environment when the
malicious attack begins, thus mitigating the impact. AI take immediate action against the
malicious attacks at a moment when a threats impact a business. IT business leaders and
cybersecurity strategy teams consider AI as a future protective control that will allow our
business to stay ahead of the cybersecurity technology curve.

5. Serverless Apps Vulnerability

Serverless architecture and apps is an application which depends on third-party cloud

infrastructure or on a back-end service such as google cloud function, Amazon web services
(AWS) lambda, etc. The serverless apps invite the cyber attackers to spread threats on their
system easily because the users access the application locally or off-server on their device.
Therefore it is the user responsibility for the security precautions while using serverless
application.

The serverless apps do nothing to keep the attackers away from our data. The serverless
application doesn't help if an attacker gains access to our data through a vulnerability such
as leaked credentials, a compromised insider or by any other means then serverless.

We can run software with the application which provides best chance to defeat the
cybercriminals. The serverless applications are typically small in size. It helps developers to
launch their applications quickly and easily. They don't need to worry about the underlying
infrastructure. The web-services and data processing tools are examples of the most
common serverless apps.

Cyber Security Risk Analysis

Risk analysis refers to the review of risks associated with the particular action or event. The
risk analysis is applied to information technology, projects, security issues and any other
event where risks may be analysed based on a quantitative and qualitative basis. Risks are
part of every IT project and business organizations. The analysis of risk should be occurred
on a regular basis and be updated to identify new potential threats. The strategic risk
analysis helps to minimize the future risk probability and damage.

Enterprise and organization used risk analysis:

o To anticipates and reduce the effect of harmful results occurred from adverse events.

o To plan for technology or equipment failure or loss from adverse events, both natural
and human-caused.

o To evaluate whether the potential risks of a project are balanced in the decision
process when evaluating to move forward with the project.

o To identify the impact of and prepare for changes in the enterprise environment.

Benefits of risk analysis

Every organization needs to understand about the risks associated with their information
systems to effectively and efficiently protect their IT assets. Risk analysis can help an
organization to improve their security in many ways. These are:

o Concerning financial and organizational impacts, it identifies, rate and compares the
overall impact of risks related to the organization.

o It helps to identify gaps in information security and determine the next steps to
eliminate the risks of security.

o It can also enhance the communication and decision-making processes related to

information security.

o It improves security policies and procedures as well as develop cost-effective

methods for implementing information security policies and procedures.

o It increases employee awareness about risks and security measures during the risk
analysis process and understands the financial impacts of potential security risks.
Steps in the risk analysis process
The basic steps followed by a risk analysis process are:

Conduct a risk assessment survey:

Getting the input from management and department heads is critical to the risk assessment
process. The risk assessment survey refers to begin documenting the specific risks or
threats within each department.

Identify the risks:

This step is used to evaluate an IT system or other aspects of an organization to identify the
risk related to software, hardware, data, and IT employees. It identifies the possible
adverse events that could occur in an organization such as human error, flooding, fire, or
earthquakes.

Analyse the risks:

Once the risks are evaluated and identified, the risk analysis process should analyse each
risk that will occur, as well as determine the consequences linked with each risk. It also
determines how they might affect the objectives of an IT project.

Develop a risk management plan:

After analysis of the Risk that provides an idea about which assets are valuable and which
threats will probably affect the IT assets negatively, we would develop a plan for risk
management to produce control recommendations that can be used to mitigate, transfer,
accept or avoid the risk.

Implement the risk management plan:

The primary goal of this step is to implement the measures to remove or reduce the
analyses risks. We can remove or reduce the risk from starting with the highest priority and
resolve or at least mitigate each risk so that it is no longer a threat.
Monitor the risks:

This step is responsible for monitoring the security risk on a regular basis for identifying,
treating and managing risks that should be an essential part of any risk analysis process.

Types of Risk Analysis

The essential number of distinct approaches related to risk analysis are:

Qualitative Risk Analysis

o The qualitative risk analysis process is a project management technique that
prioritizes risk on the project by assigning the probability and impact number.
Probability is something a risk event will occur whereas impact is the significance of
the consequences of a risk event.

o The objective of qualitative risk analysis is to assess and evaluate the characteristics
of individually identified risk and then prioritize them based on the agreed-upon
characteristics.

o The assessing individual risk evaluates the probability that each risk will occur and
effect on the project objectives. The categorizing risks will help in filtering them out.

o Qualitative analysis is used to determine the risk exposure of the project by

multiplying the probability and impact.
Quantitative Risk Analysis

o The objectives of performing quantitative risk analysis process provide a numerical

estimate of the overall effect of risk on the project objectives.

o It is used to evaluate the likelihood of success in achieving the project objectives and
to estimate contingency reserve, usually applicable for time and cost.

o Quantitative analysis is not mandatory, especially for smaller projects. Quantitative

risk analysis helps in calculating estimates of overall project risk which is the main
focus.